OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Archive »
  • 17.1 Legacy Series »
  • Webproxy accepting revoked certificates
« previous next »
  • Print
Pages: [1]

Author Topic: Webproxy accepting revoked certificates  (Read 1205 times)

netranger

  • Newbie
  • *
  • Posts: 39
  • Karma: 5
    • View Profile
Webproxy accepting revoked certificates
« on: May 27, 2017, 01:15:06 pm »
Hi guys,

I was playing around with HTTPS interception and noticed that the webproxy seems to accept revoked certificates (see screenshot revoked_interception.PNG).

If I disable HTTPS interception and try the testpage again, my browser blocks this page (see screenshot revoked_nointerception.PNG).

Is there something I can do to block those certificates using the webproxy? Other certificates, for example expired ones, get blocked correctly.

Cheers,
Netranger

Logged

fabian

  • Hero Member
  • *****
  • Posts: 2437
  • Karma: 171
  • OPNsense Contributor (Language, VPN, Proxy, etc.)
    • View Profile
    • Personal Homepage
Re: Webproxy accepting revoked certificates
« Reply #1 on: May 27, 2017, 01:44:45 pm »
This post says this is an OpenSSL problem (hard to bring openssl to do the check): http://lists.squid-cache.org/pipermail/squid-users/2015-October/005894.html
Logged

  • Print
Pages: [1]
« previous next »
  • OPNsense Forum »
  • Archive »
  • 17.1 Legacy Series »
  • Webproxy accepting revoked certificates
 

OPNsense is an OSS project © Deciso B.V. 2015 - 2021 All rights reserved
  • SMF 2.0.17 | SMF © 2019, Simple Machines
    Privacy Policy
    | XHTML | RSS | WAP2